Commit cb3b2ffb authored by Hans Verkuil, committed by Mauro Carvalho Chehab

media: vicodec: fix memchr() kernel oops

The size passed to memchr is too large as it assumes the search
starts at the start of the buffer, but it can start at an offset.

Cc: <stable@vger.kernel.org>      # for v4.19 and up
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
parent 0408b205
...@@ -304,7 +304,8 @@ static int job_ready(void *priv) ...@@ -304,7 +304,8 @@ static int job_ready(void *priv)
for (; p < p_out + sz; p++) { for (; p < p_out + sz; p++) {
u32 copy; u32 copy;
p = memchr(p, magic[ctx->comp_magic_cnt], sz); p = memchr(p, magic[ctx->comp_magic_cnt],
p_out + sz - p);
if (!p) { if (!p) {
ctx->comp_magic_cnt = 0; ctx->comp_magic_cnt = 0;
break; break;
......
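Review bot: the new length argument p_out + sz - p in the memchr() call in job_ready() repeats the bound already written in the loop header (p < p_out + sz), so the two expressions have to be kept in sync by hand. Consider computing the end pointer once before the loop (for example a local set to p_out + sz) and using it for both the loop condition and the memchr() length, so a later change to one cannot reintroduce the over-read. The length itself is correct as written: the loop condition guarantees p is below p_out + sz when memchr() is called, so the difference is at least 1 and cannot wrap. Separately, the commit message asks for a stable backport to v4.19 and up but carries no Fixes: tag naming the commit that introduced the oversized length; adding one would make the backport range verifiable.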